Surprised by snort classtype...

[Guise McAllaster <guise.mcallaster () gmail com>]

Gents,

Yesterday I was tasked with giving an executive level presentation to the
CISO and CFO for the security benefits of Snort in an IDS role as a budget
justification for a SourceFire IPS sensor/appliance and VRT subscription.
The presentation was going quite well and they asked about content filter
and policy violations and I showed several examples, including classtype,
from our live system.  Sadly, several of the entries contained
"kickass-porn" and the female CISO was very upsetting.  Both the CFO and
CISO reacted negatively, claims an Enterprise-Ready product would never use
such unprofessional profane names.  I was surprised too and looked in the
manual and saw that the description for "kickass-porn" was, "SCORE! - get
the lotion".  What? >:-0 Really? Now I'm looking at a budget trim for this
year as well as being forced away from adoption of the SF IPS product since
a similar asstype is used.

While most IDS mates can laugh it off this is something to keep in mind with
regard to the professionalism such word choices say.  In this case, with
some fault of my own for not scrubbing the bits, it cost me what I would
rate a top notch IPS product.  Now I'm forced to settle for something
inferior. :(  Just wanting to warn others to not make my same mistake.

Guise

------------------------------------------------------------------------------
Throughout its 18-year history, RSA Conference consistently attracts the
world's best and brightest in the field, creating opportunities for Conference
attendees to learn about information security's most important issues through
interactions with peers, luminaries and emerging and established companies.
http://p.sf.net/sfu/rsaconf-dev2dev

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs